Re: KazAa ?

have you had Gator on the system?
i have just finished cleaning a client site that had this same sot of
problem and it all started with Gator.
In my opinion both Gator and Kazaa should been baned from use as they cause
WAAAAAYYYYY to many issues.

check in your registery to make sure that it is not on the system

" ~¿~" <> wrote in message
newsTsKa.21025$Ab2.42793@sccrnsc01...
> For the last few weeks KazAa has been trying to send packets which contain
a
> sub-7 trojan. It's being blocked by the firewall, but the thing is: I've
> never used KazAa in my system. Anyone have any ideas why this service
would
> be sending trojans to people who have never even been to the KazAa site?
>
> Thanks
>
>

> In my opinion both Gator and Kazaa should been baned from use as they cause
> WAAAAAYYYYY to many issues.

Kazaa is known to have ad/spyware installed. Kazaa Lite
(http://www.kazaalite.tk/) is a rogue version of Kazaa with the ad/spyware
hacked out of it and it works just as well (probably better without the
adware drag).

~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified.

Advertisements

"RCS" <> wrote in message
news:...
> have you had Gator on the system?
> i have just finished cleaning a client site that had this same sot of
> problem and it all started with Gator.
> In my opinion both Gator and Kazaa should been baned from use as they
cause
> WAAAAAYYYYY to many issues.
>
> check in your registery to make sure that it is not on the system

Nope, no Gator. I have never downloaded KazAa or KazAa-lite into this
computer, so I am wondering... Could it be a bot posing as KazAa? It's
weird, because I get about 300 packets containing sub-7 trojans everyday.

> " ~¿~" <> wrote in message
> newsTsKa.21025$Ab2.42793@sccrnsc01...
> > For the last few weeks KazAa has been trying to send packets which
contain
> a
> > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've
> > never used KazAa in my system. Anyone have any ideas why this service
> would
> > be sending trojans to people who have never even been to the KazAa site?
> >
> > Thanks
> >
> >
>
>

RCS wrote:
> In my opinion both Gator and Kazaa should been baned from use as they
> cause WAAAAAYYYYY to many issues.

While you are right about Gator, I will have to disagree with you regarding
Kazaa.
Issues involved in Kazaa mostly involve spyware, and the solutions to this
are kind of common knowledge - kazaa lite, adaware and/or spyware are all
suggested methods.
Other issues that may come up from Kazaa or any other program that uses p2p
protocols such as viruses are user-specific problems. Let us not forget
that virtual file sharing has replaced the traditional file sharing, where
you could easily get infected from a floppy disk if you weren't cautious.

The only other issue that comes to my mind regarding banning Kazaa would be
the copyright laws, but this is an issue for another NG, not A.C.S.

RCS wrote:
> In my opinion both Gator and Kazaa should been baned from use as they
> cause WAAAAAYYYYY to many issues.

While you are right about Gator, I will have to disagree with you regarding
Kazaa.
Issues involved in Kazaa mostly involve spyware, and the solutions here
are kind of common knowledge - kazaa lite, adaware and/or spybot are all
suggested methods.
Other issues that may come up from Kazaa or any other program that uses p2p
protocols such as viruses are user-specific problems. Let us not forget
that virtual file sharing has replaced the traditional file sharing, where
you could easily get infected from a floppy disk if you weren't cautious.

The only other issue that comes to my mind regarding banning Kazaa would be
the copyright laws, but this is an issue for another NG, not A.C.S.

On 26 Jun 2003 04:14:49 -0000 I replied to
<Use-Author-Address-Header@[127.1]> on a piece of toilet paper
while scribbling their name and phone number on the bathroom wall
in alt.computer.security
>
>Kazaa is known to have ad/spyware installed. Kazaa Lite
>(http://www.kazaalite.tk/) is a rogue version of Kazaa with the ad/spyware
>hacked out of it and it works just as well (probably better without the
>adware drag).

MUCH better if you ask me. I haven't had a single problem with it,
other than finding idiots sending me 100 meg articles on a dial-up
modem.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
If you think you know me, you don't.
.........Satirically yours
**
Worst feeling in the world? Sliding down
a 51 foot razorblade into a pool of Gin.

Best feeling in the world? Watching your nemesis Sliding
down a 51 foot razorblade into a pool of Gin.--GroveGnome
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

"The Saint" <-c.pbz> wrote in message
news:-p.com...
> ~¿~ wrote:
>
> >I get about 300 packets containing sub-7 trojans everyday.
>
> Would you mind elaborating on that? Please give some details on the
> packet size/contents and what port(s) it attempts to exploit.
>

I think we have a firewall newbie here. IIRC Kazaa uses a range of ports,
one of which matches the default Sub7 port. So what the OP is presumably
seeing is actually connect-attempts to a port that the fwall describes as
being used by Sub7; they don't 'contain' the trojan, but under different
circumstances might be construed as attempts to access a Sub7 if there was
one installed on OP's machine.

OP: You've probably just picked up an IP address from your ISP that was
previously being used by someone who was in the middle of a Kazaa session
with some other machines. They must have suddenly gone offline without
shutting down Kazaa, and when you came online and got the IP address they
had been using, the other Kazaa peers kept sending packets because they
didn't know it was now a different machine. Just let your firewall block
the packets and don't worry about it.

DaveK
--
moderator of
alt.talk.rec.soc.biz.news.comp.humanities.meow.misc.moderated.meow
Burn your ID card! http://www.optional-identity.org.uk/
Help support the campaign, copy this into your .sig!
Proud Member of the Exclusive "I have been plonked by Davee because he
thinks I'm interesting" List Member #<insert number here>
Master of Many Meowing Minions
Holder of the exhalted PF Chang's Crab Wonton Award for kook spankage above
and beyond the call of hilarity.
PGP Key-ID: 0x0FB504D1 Fingerprint 04B7 2E8C 0245 680E 6484 C441 CEC7 D2BD

" ~¿~" <> wrote in message
news:UBvKa.22437$3d.13481@sccrnsc02...
> Nope, no Gator. I have never downloaded KazAa or KazAa-lite into this
> computer, so I am wondering... Could it be a bot posing as KazAa? It's
> weird, because I get about 300 packets containing sub-7 trojans everyday.

Most likely you are simply being probed. A lot of hack attempts will probe
known ports of thousands of computers in the hopes of eventually finding
one with an open port it can exploit. I would suggest testing your machine
for open ports using a port scanner.

The Gibson Research Center has a web-based port scanner that will do the
job for you (https://grc.com/x/ne.dll?bh0bkyd2). I highly recommend it.
Installing a firewall will not only help block incoming traffic but
firewalls like Zone Alarm and Kerio will allow you to block outgoing
traffic as well in case you have a trojan somewhere.

Do a web search for Ad-Aware and Spybot Search and Destroy in order to
locate any possible trojans and spyware on your computer. I'm sure I'm
missing some, but these will be good steps in the right direction.

I use www.dnsredirector.com to prevent P2P File Sharing software and other
spyware from being used / installed on my clients networks

If anyone out there has some more keywords (domain names) to block let me
know. (just reply here)
Also, is there a website or list of more blocking keywords for this program
or others like it?
(although I must say thier 'sample' keywords block 99.9% of the crap I'm
worried about)

Jessica

"RCS" <> wrote in message
news:...
> have you had Gator on the system?
> i have just finished cleaning a client site that had this same sot of
> problem and it all started with Gator.
> In my opinion both Gator and Kazaa should been baned from use as they
cause
> WAAAAAYYYYY to many issues.
>
> check in your registery to make sure that it is not on the system
>
> " ~¿~" <> wrote in message
> newsTsKa.21025$Ab2.42793@sccrnsc01...
> > For the last few weeks KazAa has been trying to send packets which
contain
> a
> > sub-7 trojan. It's being blocked by the firewall, but the thing is: I've
> > never used KazAa in my system. Anyone have any ideas why this service
> would
> > be sending trojans to people who have never even been to the KazAa site?
> >
> > Thanks
> >
> >
>
>

On Sat, 5 Jul 2003 08:26:54 -0500, "Jessica"
<> wrote:
>I use www.dnsredirector.com to prevent P2P File Sharing software and
other
>spyware from being used / installed on my clients networks
>
>If anyone out there has some more keywords (domain names) to block
let me
>know. (just reply here)
>Also, is there a website or list of more blocking keywords for this
program
>or others like it?
>(although I must say thier 'sample' keywords block 99.9% of the crap
I'm
>worried about)
>
>Jessica

Well, if you want to block P2P, you should also block Remote and Local
Ports 1214 (KaZaa, others), 6346 (Limewire), and 6699 (WinMX), in your
cleint's firewalls. It won't stop savvy users with the newer versions,
but it will stop the older versions of this software as well as the
less-savvy folks who don't know to use non-standard ports for P2P.

DNSredirector looks almost exactly like DNSKong, which I support and
for which I maintain updated lists. Feel free to use my named.txt
file, although nothing on my list is specifically keyed towards
stopping P2P itself; my main concern is the spyware and ad sites.

Share This Page

Welcome to Velocity Reviews!

Welcome to the Velocity Reviews, the place to come for the latest tech news and reviews.

Please join our friendly community by clicking the button below - it only takes a few seconds and is totally free. You'll be able to chat with other enthusiasts and get tech help from other members.
Sign up now!